Personal Data Protection Policy

Private and Confidential

This personal data protection policy (“Policy”) is intended to help you understand our policies and practices with respect to personal data, which is subject to the Personal Data Protection Act (“PDPA”), that is collected, used and disclosed by 3 Peaks Capital Private Limited (“3 Peaks” or “us” or “we”) in Singapore. It is also intended to inform you as to how you may seek access to and correction of your personal data as well as how to make an inquiry and, if necessary, make a complaint relating to our handling of that data.

3 Peaks is committed to safeguarding and protecting personal data in a manner that complies with the PDPA and to ensure your privacy. Unless stated otherwise, this Policy is relevant to the personal data of both our current and former customers, as well as other individuals we may deal with (for example, service providers, directors, employees and shareholders).

3 Peaks may have entered into separate agreements with customers and other individuals that contain specific data protection provisions and, in such instances, the terms of those agreements shall prevail over the terms of this Policy.

What types of Personal Data do we collect?

The personal data we collect and how we do so will vary based on the reason that we are collecting the data. Personal data we collect may include:

data collected on due diligence documentations, forms, questionnaires or other documentation or communications, such as your name, NRIC number or passport number, date of birth, qualifications, working experience, telephone numbers, email, correspondence address; and

other personal data we think is necessary to your relationship with us that is permitted by or required to comply with any applicable laws and regulations and our internal control and compliance policies.

(collectively referred to as “Personal Data”)

We usually collect your Personal Data directly from you via telephone calls, face-to-face meetings, forms, questionnaires, emails and other documentation or communications but sometimes we may need to collect Personal Data about you from public domains and third parties. We shall prima facie deem all disclosure of Personal Data to us by third parties to be in accordance with the PDPA. If you are providing Personal Data relating to a third party (for example, information of directors, employees and shareholders and other service providers), by submitting the Personal Data to us, you represent and warrant that the consent of that third party has been obtained for the collection, use and disclosure of their Personal Data for the purposes listed in this Policy.

By submitting your Personal Data to us, you consent to its usage for the purposes listed in this Policy, and represent and warrant that all Personal Data submitted is correct, accurate and complete. Information received by us shall prima facie be deemed correct, accurate and complete. If there is any change in your Personal Data, you agree to inform us in a timely manner.

Purposes for which we may collect, use and disclose your Personal Data

We will collect, use and disclose Personal Data relating to you that is reasonably necessary for our business functions and activities. Typical purposes for which we may collect, use and disclose your personal data include:

advising or acting for you on matters as stated in our mandate letter(s) or agreement(s);

compliance with applicable laws, regulations and internal control and compliance policies including conducting regulatory checks on anti-money laundering and combating the financing of terrorism (AML/CFT) and other unlawful activities,

any other reasonable purposes in connection with the provision of our services, including marketing and research purposes.

(collectively referred to as “Purposes”)

Disclosure of personal data to third parties

We may provide your Personal Data to third parties for the purposes listed above. Third parties to whom we may disclose your Personal Data may include:

any agent, contractor or third party service providers engaged by you or ourselves in connection with our advising or acting for you on matters as stated in our mandate letter(s) or agreement(s);

any agent, contractor or third party service providers engaged by us to assist in the conduct of regulatory and due diligence checks;

any regulatory authorities, such as the Singapore Exchange and the Monetary Authority of Singapore, to whom we are under an obligation or otherwise required to make disclosure for their institutional purposes; and

any agent, contractor or third party service providers engaged by us for our administrative, compliance and information technology or other services in connection with the operation of our business.

In the event that third parties receive Personal Data from us, we will exercise reasonable physical, technical and organisational security arrangements to safeguard the Personal Data and to ensure the Personal Data is only used for the Purposes and for no other purposes.

The consent that you provide for the collection, use and disclosure of Personal Data will remain valid for the duration of your engagement with us and your Personal Data will be retained for as long as required and permitted under applicable laws and regulations, after which we will cease to retain the Personal Data.

Notwithstanding that we will take reasonable steps to safeguard the Personal Data, you acknowledge that no method is completely secure.

You therefore agree to indemnify us, our directors, officers, employees and agents (collectively, the “Indemnified Parties”) against any loss, liability, costs, expense, claim, action or demand which each of the Indemnified Parties may incur or sustain or which may be made against it in any jurisdiction as a result of or in connection with or arising out of its using the Personal Data disclosed by you for the Purposes (including reasonable expenses and fees of legal and/or other professional advisers appointed by us for disputing or defending any such action, claim or proceeding), provided that you shall have no liability to indemnify the Indemnified Parties as a result of any gross negligence, wilful breach or wilful default on the part of the Indemnified Parties.

Requesting access to and correction of your Personal Data

You have the right to request and obtain access to Personal Data in our possession, to have Personal Data relating to you which is inaccurate corrected, as well as to object to the processing of Personal Data for legitimate reasons.

You may do this by contacting our Personal Data Protection Officer (contact details below).

We may need to validate your identity when such a request is made (to ensure that we do not provide your Personal Data to anyone who does not have the right to access such data).

Complaints

If you believe that we have not complied with our obligations under the PDPA in relation to your personal data, please contact our Personal Data Protection Officer (contact details below).

Contact

If you have any queries with respect to our Policy and practices in relation to your Personal Data please contact:

The Personal Data Protection Officer

Email: admin@3peaks.sg

or any of our staff currently servicing you.

This Policy is based on current laws and regulations in Singapore. If there are any amendments to this Policy, we will post the updated Policy on our website so that you are kept up-to-date of our policies and practices with respect to the collection, use and disclosure of your Personal Data.